Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:11, on 2008-08-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\Pakiet F-Secure\Common\FSM32.EXE
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Pakiet F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Pakiet F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Pakiet F-Secure\Common\FSMA32.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Pakiet F-Secure\Common\FSMB32.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
C:\Program Files\Pakiet F-Secure\Common\FCH32.EXE
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Pakiet F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Pakiet F-Secure\Common\FAMEH32.EXE
C:\Program Files\Pakiet F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Pakiet F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\Pakiet F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Pakiet F-Secure\FSAUA\program\fsus.exe
C:\Program Files\Pakiet F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Pakiet F-Secure\Anti-Virus\fsav32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
D:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Avant Browser\avant.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\Dominik\Pulpit\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [F-Secure Manager] “C:\Program Files\Pakiet F-Secure\Common\FSM32.EXE” /splash
O4 - HKLM…\Run: [F-Secure TNB] “C:\Program Files\Pakiet F-Secure\FSGUI\TNBUtil.exe” /CHECKALL /WAITFORSW
O4 - HKLM…\Run: [sunJavaUpdateSched] “D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [soundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [soundMAX] “D:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 - HKLM…\Run: [QuickTime Task] “D:\WINDOWS\system32\qttask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM…\Run: [NBKeyScan] “D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetupo.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetupo.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetupo.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - HKUS.DEFAULT…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetupo.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’)
O4 - Startup: RocketDock.lnk = C:\Program Files\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\Program Files\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\Program Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\Program Files\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ … leId=21871
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://webmail.pconnect.biz/InternalSi … ompMgr.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pakiet F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pakiet F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pakiet F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: Agent zarządzania F-Secure (FSMA) - F-Secure Corporation - C:\Program Files\Pakiet F-Secure\Common\FSMA32.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
–
End of file - 7409 bytes